Views: 3928 | Replies: 10

[Virus sample] Wipe them all out…

will
Posted on 2008-5-4 19:57:00
Log is generated by FreShow.

Of these, new.cab cannot be downloaded, and after removing duplicates only 3 remain… all three share the same signature, a variant of ntldr.exe.

Then it downloads another 15 trojans; 7a.exe is down and cannot be downloaded, so there are only 14.
The sample pack contains 17 files in total.
qigang
Posted on 2008-5-4 20:06:49
Heh, actually this download address is already pretty old.
Exia (this user has been deleted)
Posted on 2008-5-4 20:09:11
Starting the file scan:
Begin scan in 'E:\AV\12a.exe'
E:\AV\12a.exe
  [0] Archive type: OVL
  --> Object
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.acft
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Contains detection pattern of the rootkit RKIT/Agent.ajv
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\13a.exe'
E:\AV\13a.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
        [2] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.abzd.12
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\14a.exe'
E:\AV\14a.exe
  [0] Archive type: OVL
  --> Object
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.accf
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Contains detection pattern of the rootkit RKIT/Agent.ajv
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\15a.exe'
E:\AV\15a.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
        --> Object
          [3] Archive type: RSRC
          --> Object
              [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.aani
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\112.exe'
E:\AV\112.exe
      [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\101.exe'
E:\AV\101.exe
      [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\102.exe'
E:\AV\102.exe
      [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\1a.exe'
E:\AV\1a.exe
      [DETECTION] Is the Trojan horse TR/Drop.Age.51042.B
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\2a.exe'
E:\AV\2a.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/Dldr.Delf.epw.1
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\3a.exe'
E:\AV\3a.exe
  [0] Archive type: OVL
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.acqi.1
      [DETECTION] Is the Trojan horse TR/Hijacker.Gen
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\4a.exe'
E:\AV\4a.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
            [DETECTION] Is the Trojan horse TR/PSW.Online.ddn.2
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\5a.exe'
E:\AV\5a.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\6a.exe'
E:\AV\6a.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
        [2] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.abzd.5
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\8a.exe'
E:\AV\8a.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\9a.exe'
E:\AV\9a.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.abtp
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\10a.exe'
E:\AV\10a.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\11a.exe'
E:\AV\11a.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
        [2] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.abzd.33
      [NOTE]      The file was deleted!

End of the scan: 2008年5月4日  20:10
Used time: 00:32 min
The scan has been done completely.
      0 Scanning directories
     17 Files were scanned
     20 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
     17 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     -3 Files not concerned
      0 Archives were scanned
      0 Warnings
     17 Notes

qigang
Posted on 2008-5-4 20:20:45

39/18

瑞星病毒查杀结果报告

清除病毒种类列表:

病毒: Suspicious.Worm.Win32.Autorun.a
病毒: Trojan.DL.Win32.Agent.bxw
病毒: Trojan.DL.Win32.Direct.me
病毒: RootKit.Win32.XNGAnti.a  
病毒: RootKit.Win32.XNGAnti.a  
病毒: Packer.Win32.Upack.a     
病毒: Trojan.PSW.Win32.GameOL.nfp
病毒: Trojan.PSW.Win32.GameOL.hz
病毒: Trojan.PSW.Win32.GameOL.nei
病毒: Trojan.PSW.Win32.GamesOnline.wq
病毒: Suspicious.Trojan.Win32.DelSelf.a
病毒: Trojan.PSW.Win32.GameOL.nhb

MAC 地址:00:11:5B:F3:6D:69

用户来源:互联网

软件版本:20.42.62
wangjay1980
Posted on 2008-5-4 21:05:39
K
scottxzt
Posted on 2008-5-4 21:48:38
已扫描的磁盘,文件夹及文件:C:\Documents and Settings\Administrator\桌面\AV.rar
C:\Documents and Settings\Administrator\桌面\AV.rar >>RAR >>112.exe - Win32/Anilogo.F 蠕虫
C:\Documents and Settings\Administrator\桌面\AV.rar >>RAR >>101.exe - Win32/Anilogo.F 蠕虫
C:\Documents and Settings\Administrator\桌面\AV.rar >>RAR >>102.exe - Win32/Anilogo.F 蠕虫
C:\Documents and Settings\Administrator\桌面\AV.rar >>RAR >>1a.exe - Win32/PSW.Delf.NKU 木马
C:\Documents and Settings\Administrator\桌面\AV.rar >>RAR >>2a.exe - Win32/TrojanDownloader.Delf.OBY 木马的变种
C:\Documents and Settings\Administrator\桌面\AV.rar >>RAR >>3a.exe - Win32/PSW.OnLineGames.XZN 木马的变种
C:\Documents and Settings\Administrator\桌面\AV.rar >>RAR >>4a.exe - Win32/PSW.OnLineGames.MUG 木马
C:\Documents and Settings\Administrator\桌面\AV.rar >>RAR >>5a.exe - 可能是 Win32/PSW.OnLineGames.NFL 木马 的一个变种
C:\Documents and Settings\Administrator\桌面\AV.rar >>RAR >>6a.exe - Win32/PSW.OnLineGames.MUG 木马的变种
C:\Documents and Settings\Administrator\桌面\AV.rar >>RAR >>8a.exe - 可能是 Win32/PSW.OnLineGames.NFL 木马 的一个变种
C:\Documents and Settings\Administrator\桌面\AV.rar >>RAR >>9a.exe - 可能是 Win32/PSW.OnLineGames.NFL 木马 的一个变种
C:\Documents and Settings\Administrator\桌面\AV.rar >>RAR >>10a.exe - 可能是 Win32/PSW.OnLineGames.NFL 木马 的一个变种
C:\Documents and Settings\Administrator\桌面\AV.rar >>RAR >>11a.exe - Win32/PSW.OnLineGames.MUG 木马的变种
C:\Documents and Settings\Administrator\桌面\AV.rar >>RAR >>12a.exe - Win32/PSW.OnLineGames.XZN 木马的变种
C:\Documents and Settings\Administrator\桌面\AV.rar >>RAR >>13a.exe - Win32/PSW.OnLineGames.MUG 木马
C:\Documents and Settings\Administrator\桌面\AV.rar >>RAR >>14a.exe - Win32/PSW.OnLineGames.XZN 木马
C:\Documents and Settings\Administrator\桌面\AV.rar >>RAR >>15a.exe - Win32/PSW.OnLineGames.MUG 木马
已扫描的文件数目:17
已发现的病毒数目:17
完成时间: 21:41:51 总扫描时间:9 秒 (00:00:09)
冷冷
Posted on 2008-5-5 00:35:30
26 can be downloaded.
yk1234
Posted on 2008-5-5 00:39:33
How has this server still not been taken down?
Exia (this user has been deleted)
Posted on 2008-5-5 07:54:58

Reply to post #7 by 冷冷

Starting the file scan:

Begin scan in 'E:\AV\新建文件夹'
E:\AV\新建文件夹\26a.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
E:\AV\新建文件夹\27a.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
E:\AV\新建文件夹\28a.exe
  [0] Archive type: OVL
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.acqi.1
      [DETECTION] Is the Trojan horse TR/Hijacker.Gen
      [NOTE]      The file was deleted!
E:\AV\新建文件夹\29a.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
E:\AV\新建文件夹\2a.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/Dldr.Delf.epw.1
      [NOTE]      The file was deleted!
E:\AV\新建文件夹\30a.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
        [2] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.abzd.21
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
      [NOTE]      The file was deleted!
E:\AV\新建文件夹\3a.exe
  [0] Archive type: OVL
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.acqi.1
      [DETECTION] Is the Trojan horse TR/Hijacker.Gen
      [NOTE]      The file was deleted!
E:\AV\新建文件夹\4a.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
            [DETECTION] Is the Trojan horse TR/PSW.Online.ddn.2
      [NOTE]      The file was deleted!
E:\AV\新建文件夹\5a.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
E:\AV\新建文件夹\6a.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
        [2] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.abzd.5
      [NOTE]      The file was deleted!
E:\AV\新建文件夹\11a.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
        [2] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.abzd.33
      [NOTE]      The file was deleted!
E:\AV\新建文件夹\12a.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
E:\AV\新建文件夹\13a.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
        [2] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.abzd.12
      [NOTE]      The file was deleted!
E:\AV\新建文件夹\14a.exe
  [0] Archive type: OVL
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.acqi.1
      [DETECTION] Is the Trojan horse TR/Hijacker.Gen
      [NOTE]      The file was deleted!
E:\AV\新建文件夹\15a.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
        --> Object
          [3] Archive type: RSRC
          --> Object
              [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.aani
      [NOTE]      The file was deleted!
E:\AV\新建文件夹\16a.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/PSW.QQpass.btc
      [NOTE]      The file was deleted!
E:\AV\新建文件夹\17a.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
E:\AV\新建文件夹\18a.exe
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
      [NOTE]      The file was deleted!
E:\AV\新建文件夹\19a.exe
  [0] Archive type: OVL
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.acqi.1
      [DETECTION] Is the Trojan horse TR/Hijacker.Gen
      [NOTE]      The file was deleted!
E:\AV\新建文件夹\1a.exe
      [DETECTION] Is the Trojan horse TR/Drop.Age.51042.B
      [NOTE]      The file was deleted!
E:\AV\新建文件夹\20a.exe
  [0] Archive type: OVL
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.acqi.1
      [DETECTION] Is the Trojan horse TR/Hijacker.Gen
      [NOTE]      The file was deleted!
E:\AV\新建文件夹\21a.exe
  [0] Archive type: RSRC
    --> Object
      --> Object
        [2] Archive type: RSRC
        --> Object
              [DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.abhg
      [NOTE]      The file was deleted!
E:\AV\新建文件夹\22a.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
E:\AV\新建文件夹\23a.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
E:\AV\新建文件夹\24a.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
E:\AV\新建文件夹\25a.exe
      [DETECTION] Is the Trojan horse TR/Hijacker.Gen
      [NOTE]      The file was deleted!


End of the scan: 2008年5月5日  07:56
Used time: 00:19 min

The scan has been done completely.

      1 Scanning directories
     26 Files were scanned
     33 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
     26 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     -7 Files not concerned
      0 Archives were scanned
      0 Warnings
     26 Notes
挪威的冬天
Posted on 2008-5-5 08:00:28
信息        2008-05-05  08:00:14        您此次查毒清除了15个病毒                       
信息        2008-05-05  08:00:14        您此次查毒共查出15个病毒以及危险代码                       
信息        2008-05-05  08:00:14        您此次查毒共查了内存模块0个,磁盘引导扇区0个,文件31个                       
信息        2008-05-05  08:00:14        金山毒霸主程序查毒过程结束,查毒方式:命令行查毒                       
病毒        2008-05-05  08:00:14        D:\Desktop\AV.rar\15a.exe        Win32.Hack.UpackT.a.15981        清除成功       
病毒        2008-05-05  08:00:14        D:\Desktop\AV.rar\14a.exe        Win32.Troj.OnlineGameT.pq.57344        清除成功       
病毒        2008-05-05  08:00:14        D:\Desktop\AV.rar\13a.exe        Win32.Troj.OnlineGamesT.zy.32923        清除成功       
病毒        2008-05-05  08:00:14        D:\Desktop\AV.rar\12a.exe        Win32.Troj.OnlineGameT.zp.57344        清除成功       
病毒        2008-05-05  08:00:14        D:\Desktop\AV.rar\11a.exe        Win32.Troj.OnlineGamesT.zy.32923        清除成功       
病毒        2008-05-05  08:00:13        D:\Desktop\AV.rar\9a.exe        Win32.Troj.GameOnlineT.nf.69897        清除成功       
病毒        2008-05-05  08:00:13        D:\Desktop\AV.rar\6a.exe        Win32.Troj.OnlineGamesT.zy.32923        清除成功       
病毒        2008-05-05  08:00:13        D:\Desktop\AV.rar\5a.exe        Win32.Hack.UpackT.a.15981        清除成功       
病毒        2008-05-05  08:00:13        D:\Desktop\AV.rar\4a.exe        Win32.Hack.UpackT.a.15981        清除成功       
病毒        2008-05-05  08:00:13        D:\Desktop\AV.rar\3a.exe        Win32.Troj.OnlineGameT.zp.57344        清除成功       
病毒        2008-05-05  08:00:13        D:\Desktop\AV.rar\2a.exe        Win32.TrojDownloader.Direct.me.110592        清除成功       
病毒        2008-05-05  08:00:13        D:\Desktop\AV.rar\1a.exe        Win32.Hack.Delf.m.221184        清除成功       
病毒        2008-05-05  08:00:13        D:\Desktop\AV.rar\102.exe        Win32.Troj.LwyMum.ur.27425        清除成功       
病毒        2008-05-05  08:00:13        D:\Desktop\AV.rar\101.exe        Win32.Troj.LwyMum.ur.27425        清除成功       
病毒        2008-05-05  08:00:13        D:\Desktop\AV.rar\112.exe        Win32.Troj.LwyMum.ur.27425        清除成功
Copyright © KaFan  KaFan.cn All Rights Reserved.